
Author Topic: Reverse Engineering & Memory Hacking of Packed Programs  (Read 99 times)

mitsumi

  • Global Moderator
Reverse Engineering & Memory Hacking of Packed Programs
« on: 30 March 2021, 10:57 »

MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz, 2 Ch
Genre: eLearning | Language: English + srt | Duration: 15 lectures (1h 44m) | Size: 1.31 GB
Learn how to reverse, debug and patch packed programs - without unpacking - by using Cheat Engine

What you'll learn:
Bypass anti-debuggers
Patch Memory
Use x64dbg debugger
Using Cheat Engine
Using ScyllaHide Plugin
Using SharpOD Plugin
Using built-in hide Debugger functionality
Using Trainers (Loaders) for Process Patching
AOB Code Injection
Direct Byte Patching
ASM scripting for app hacking
LUA scripting for memory hacking
Designing Trainers (Loaders) with CE's Form Designer
Break and Trace
Modify program behaviour
Packing and Disassembling Crackmes using Popular Packers
and more...

Requirements
Assembly language is helpful but not compulsory
Windows PC
Already know how to use x64dbg debugger
Familiar with Cheat Engine

Description
If you had always wanted to learn how to reverse and patch packed programs - without unpacking, then this is the course for you. This course is a follow-up from the earlier course on Reverse Engineering & Memory Hacking. It is the practical application of what you have learnt in the first course. If you think that packing and anti-debugging is good enough to prevent reverse engineering, then you may be in for a surprise. In this course, I will show you how to test the effectiveness of several popular packers by packing crackmes and then reversing them - without unpacking.

Traditionally, packed programs are unpacked before debugging is carried out. This is because a packed program's file cannot be patched. Much of software protection has centered on making it difficult to unpack programs. However, the important question is: how effective is packing, obfuscation and anti-debugging as a means to prevent reversing? This course explores several packers to find the answers.

We will do the analysis using a tool called Cheat Engine, which is a prominent tool used by game hackers. This tool could also be used to study and analyze the processes of packed programs that are running in memory. You will learn how to perform debugging in spite of anti-debugging being implemented. There is no need to unpack and dump memory. Instead of unpacking and then patching the dumped files and fixing IAT (Import Address Table) tables, we will write scripts to hack memory using byte patching using an advanced technique called AOB (Array-Of-Bytes) Injection, by injecting code into code caves (inline memory patching). In this course you will learn how to do all of the above and more.

At the end of this course you will be able to gauge the effectiveness of software packers, obfuscation and anti-debugging protection and also to have a good idea of how to implement extra countermeasures to improve the security of software.

In all the practical exercises and walkthroughs, we will use crackmes which I have written. You will learn how to pack them using several popular packers and then hack them using Cheat Engine.

What you will learn

How to set hardware breakpoints and debug packed programs in spite of anti-debugging protection

Doing Break and Trace to identify Algorithms for reversing

Identifying addresses to do memory patching

Writing custom trainers (loaders) using Cheat Engine to hack and patch memory

Modify program behavior

Process Patching programs

Creating Lua Scripts for process patching

Test the effectiveness of Anti-Debugging technology

Packing crackmes using popular packers

Hack the packed crackmes and patch their memory during runtime

Prerequisites:

Before taking this course, you should preferably be already familiar with how to use x64dbg and Cheat Engine

Windows PC

Some knowledge of Assembly would be useful but not compulsory

Who this course is for
Anyone who wants to know how to assess the effectiveness of packers against Reverse Engineering
Software Developers who want to implement an extra layer of protection in addition to packing and Anti-debugging
Reversing hobbyists who want to level up their skills to take on packed software
An introduction to Software Protection for anyone who wants to get started in this field

